Jump to content

Linux: Enable user access only to ProFTP server / Disable user login via ssh scp and sftp


Recommended Posts

  • Administrators

1. So let’s begin creating a pseudo shell named /bin/ftpaccess


debian:~# touch /bin/ftpaccess

debian:~# echo 'echo "This accout is for ftp access only"' > /bin/ftpaccess

debian:~# echo 'exit 0' >> /bin/ftpaccess

debian:~# chmod +x /bin/ftpaccess


2. It’s also necessary to include the just created pseudo FTP shell/bin/ftpaccess in your /etc/shells file.


echo '/bin/ftpaccess' >> /etc/shells


3. Then edit your /etc/passwd and change in the user shell, you should edit a line similar to:


ftp-user:x:1011:1005:FTP User,,,:/home/ftp-user:/bin/bash


Afterwards the same user /etc/passwd line declaration should look like:


ftp-user:x:1011:1005:FTP user,,,:/home/ftp-user:/bin/ftpaccess


Now the ftp-user user should have an FTP file transfer upload/download access to the server but it’s SSH, SCP and SFTP access will be disabled.


Talking about disabling access of SFTP it’s worthy to mention the RSSH Project .

RSS is quite cool and is able to restrict a shell access via SSH but same time allow users to use the SFTP and SCP protocols.

Other user feedback/experience for accomplishing the same task is very welcome!

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now
  • Create New...